CompTIA Security+ Physical Security

What is physical security?

Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access.

What are the primary purposes of fencing in physical security?

Provides a visual deterrent by defining a boundary.

Establishes a physical barrier against unauthorized entry.

Delays intruders, giving security personnel more time to react.

What are bollards and their purpose?

A short, robust vertical post (usually steel or concrete).

Designed to manage or redirect vehicular traffic, especially to counter vehicle-based threats.

How does fencing differ from bollards in terms of application?

Fences can enclose large perimeters; bollards protect specific points from vehicles.

Why are fencing and bollards considered primitive security tools?

They are basic physical barriers used to protect assets and people by deterring and delaying unauthorized access.

What is a brute force attack in physical security?

Type of attack where access to a system is gained by simply trying all of the

possibilities until you break through

What are four types of brute force attacks?

Forcible entry, tampering with security devices, confronting security personnel, and ramming barriers with vehicles.

Forcible Entry

● An act of gaining unauthorized access to a space by physically breaking or

bypassing its barriers, such as windows, doors, or fences

How can organizations mitigate forcible entry?

Use deadbolts, metal doors, strong door frames, and solid-core doors.

Tampering with security devices

● Involves manipulating security devices to create new vulnerabilities that

can be exploited

How can tampering with security devices be prevented?

Implement redundant systems and regular inspections.

Confronting security personnel

● Involves the direct confrontation or attack of your organization's security

personnel

How can security guards prepare for confrontations?

Through conflict resolution and self-defense training.

Ramming barriers with vehicles

● Uses a car, truck, or other motorized vehicle to ram into the

organization's physical security barriers, such as a fence, a gate, or even

the side of your building

What prevents vehicle ramming attacks?

Installing bollards or reinforced barriers.

What is a surveillance system?

An organized strategy or setup designed to observe and report activities in a given area

What are the four components of surveillance?

Video surveillance, security guards, lighting, and sensors.

What are key features of video surveillance?

Motion detection, night vision, facial recognition, Remote access & real-time feedback, PTZ.

What’s the difference between wired and wireless surveillance systems?

Wired systems use physical cables; wireless systems use Wi-Fi.

What does PTZ stand for?

Pan-Tilt-Zoom – it allows dynamic control of camera angle and view.

Where should surveillance cameras be installed?

Data centers, telecom closets, entrances, and exits.

Why is security guards important for surveillance?

● Flexible and adaptable forms of surveillance that organizations use

● Helps to reassure your staff or your customers that they are safe

Why is proper lighting important for surveillance?

Deters criminals

Reduces shadows/hiding spots

Improves video quality

Why is Sensors important for surveillance?

Devices that detect and respond to external stimuli or changes in the environment

List the 4 types of surveillance sensors.

Infrared, Pressure, Microwave, Ultrasonic.

Infrared Sensors

Detect changes in infrared radiation that is often emitted by warm bodies like humans or animals

Pressure Sensors

Activated whenever a specified minimum amount of

weight is detected on the sensor that is embedded into the

floor or a mat

Microwave Sensors

Detect movement in an area by emitting microwave pulses

and measuring their reflection off moving objects

Ultrasonic Sensors

Measures the reflection of ultrasonic waves off moving

objects

List 5 methods attackers use to bypass surveillance.

Visual obstruction, blinding Sensors and Cameras, acoustic interference, Electromagnetic Interference (EMI), and attacking the Physical Environment.

Visual Obstruction

Blocking the camera’s line of sight by:
○ spraying paint or foam onto the camera lens

○ placing asticker or tape over the lens

○ positioning objects like balloons or umbrellas in front of the

camera to block its view

Blinding Sensors and Cameras

Involves overwhelming the sensor or camera with a sudden burst of light to render it ineffective for a limited period of time

Interfering with Acoustics

● Acoustic systems are designed to listen to the environment to detect if someone is in the area or to eavesdrop on their conversations

● Jamming or playing loud music to disrupt the microphone’s functionality

Interfering with Electromagnetic

Involves jamming the signals that surveillance system relies on to

monitor the environment

What does EMI stand for?

Electromagnetic Interference

Attacking the Physical Environment

Exploit the environment around the surveillance equipment to

compromise their functionality

Physical tampering, like cutting wires or physically disabling devices, is an effective

strategy to bypass surveillance systems

What protects against surveillance bypassing?

Tamper detection, system redundancy, countermeasures, and advanced monitoring.

What does an access control vestibule do?

A double-door system that is designed with two doors that are electronically

controlled to ensure that only one door can be open at a given time

Define piggybacking.

Involves two people working together with one person who has

legitimate access intentionally allows another person who doesn't have

proper authorization to enter a secure area with them

Define tailgating.

Occurs whenever an unauthorized person closely follows someone through the access control vestibule who has legitimate access into the secure space without their knowledge or consent

What’s the difference between piggybacking and tailgating?

Piggybacking involves consent; tailgating does not.

What technologies do access badges use?

RFID, NFC, magnetic strips.

Why are security guards posted at access points?

To deter intruders, verify ID, assist, and respond to incidents.

Why are door locks important in physical security?

Critical physical security control measure designed to restrict and regulate access

to specific spaces or properties, preventing unauthorized intrusions and

safeguarding sensitive data and individuals

What are the different type of locks the a door can have?

Padlocks, Basic Door Locks, and Electronic Locks

Traditional Padlocks

Easily defeated and offers minimal protection

Basic Door Locks

Vulnerable to simple techniques like lock picking

Electronic Door Locks

Use advanced authentication for stronger security.

What are three authentication methods used in electronic door locks?

Identification numbers

Wireless signals

Biometrics

Identification numbers

Require entry of a unique code, providing a balance of security and convenience

Wireless signals

Utilize technologies like NFC, Wi-Fi, Bluetooth, or RFID for

unlocking

Biometrics

Rely on physical characteristics like fingerprints, retinal scans, or facial recognition for authentication

What are the three biometric authentication challenges?

FAR (False Acceptance), FRR (False Rejection), CER (Crossover Error Rate).

What is FAR?

○ Occurs when the system erroneously

authenticates an unauthorized user

○ Lower FAR by increasing scanner sensitivity

What is FRR?

Denies access to an authorized user.

Increasing sensitivity can increase FRR

What is CER?

A balance between FAR and FRR for optimal

authentication effectiveness

What can improve biometric security?

Using multiple factors like PIN + fingerprint or Cipher Locks.

What is a Cipher Locks?

■ Mechanical locks with numbered push buttons, requiring a correct combination

to open

■ Commonly used in high-security areas like server rooms

What is access badge cloning?

Copying RFID/NFC badge data to a new device to gain unauthorized access.

What are the 4 steps in access badge cloning?

Scanning the target badge.

Extracting data (e.g., RFID/NFC credentials).

Writing data to a blank card/device.

Using the clone for unauthorized access.

Why is badge cloning common?

■ Ease of execution

■ Ability to be stealthy when conducting the attack

■ Potentially widespread use in compromising physical security

How can badge cloning be prevented?

■ Implement advanced encryption in your card-based authentication systems

■ Implement Multi-Factor Authentication (MFA)

■ Regularly update your security protocols

■ Educate your users

■ Implement the use of shielded wallets or sleeves with your RFID access badges

■ Monitor and audit your access logs